New CDNetworks Research Reveals 69 Percent of US Companies’ DDoS Defenses Breached in Past Year

A new report released today by CDNetworks, global content delivery network (CDN) and cloud security provider, has found 88 percent of US businesses claim confidence in their current DDoS mitigation, despite 69 percent having suffered a successful DDoS attack in the last 12 months – the second highest proportion of successful attacks, beaten only slightly by the UK (71 percent).

Research conducted by Sapio Research on behalf of CDNetworks surveyed 500 senior IT personnel with material control over IT security from organizations in the US, UK, Germany, Austria and Switzerland. US businesses’ overconfidence in their DDoS mitigation and recent track record of being breached is all the more concerning given 88 percent believed new attacks to be likely or almost certain in the next 12 months, compared to only 77 percent in DACH.

Businesses in the DACH region are the most conservative as only 82 percent are confident in their DDoS mitigation, though the majority (57 percent) have suffered a successful DDoS attack in the last 12 months.

The self-assurance of US companies appears to stem from their high and growing DDoS investment and their long track record in investment in DDoS mitigation:

Businesses in the US are spending the most on DDoS mitigation – an average of $34,750 per year as compared to DACH respondents who have spent only $29,000 on average. More than a quarter (26 percent) of all US respondents have invested more than $53,000 in DDoS mitigation technologies in the last 12 months.

66 percent of US companies will further increase investment in mitigation technology over the next 12 months.

For all five of the key DDoS mitigation measures (manual protection, self-service DDoS technologies, managed mitigation, WAF and resilience audits), US businesses are the most likely to have invested for the first time more than five years ago.

Not only have 69 percent of US businesses’ DDoS defenses been breached in the last year, but for 27 percent of businesses, more than half of DDoS attacks have been successful – almost twice as high as the next most vulnerable country (UK:15 percent).

The results also reveal that US businesses believe malicious attacks by competitors are the most likely reason for an attack (32 percent), closely followed by blackmail (30 percent). The belief that they are being deliberately attacked, as opposed to being targeted at random (24 percent), makes the motivation for the attacks almost more alarming than their prevalence.

“The results show that most US companies are mindful of the alarming recent rise in DDoS attacks, and are increasing their investment in mitigation technology in response,” said Alex Nam, Managing Director, CDNetworks Americas. “This has understandably led to a confidence in resilience. But when comparing alongside the frequency of DDoS attacks and the likelihood of their success, this confidence tips worryingly into complacency. While initial and prolonged investments are theoretically putting US companies in a strong position to protect themselves against DDoS attacks, it seems businesses have not noticed they are losing the arms race against cybercriminals. Only with fundamental changes in mindset and more targeted investment can such confidence be earned.”